Document reserved uids/guids used by OpenStack

Bug #1239879 reported by Summer Long
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
openstack-manuals | Fix Released | Wishlist | Andreas Jaeger |

Bug Description

After discussion on the list, it was decided to place them in getstart.xml, now in /common. Per Anne, don't use conditional markups, so perhaps a distribution-dependent table.

RHEL example:

keystone:x:163:163:OpenStack Keystone Daemons:/var/lib/keystone:/sbin/nologin
glance:x:161:161:OpenStack Glance Daemons:/var/lib/glance:/sbin/nologin
cinder:x:165:165:OpenStack Cinder Daemons:/var/lib/cinder:/sbin/nologin
nova:x:162:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin

Plus neutron, swift, ceilometer, heat?

And if we're including info for third-party glue, then possibly:

mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
qpidd:x:498:499:Owner of Qpidd Daemons:/var/lib/qpidd:/sbin/nologin
nagios:x:496:495::/var/spool/nagios:/sbin/nologin

Summer Long (slong-g) wrote :

Additional notes: Sometimes organizations assign UIDs/GIDs in the reserved range (currently 0-500 in RHEL) to other third party software or systems. As a result when installing software that requires one or more UIDs/GIDs, administrators are interested in knowing what they are so they can change them (or those of existing systems if necessary). It may also come up via a security audit.
So, because OpenStack appears to reserve a number of UIDs/GIDs in a typical deployment, this theoretically increases the chances of clashing with something else installed at a specific site.

Hence, needing to know the numbers, and here are the rest of OpenStack gids that I can see for RHEL
(/etc/passwd shows installed, /usr/share/doc/setup-<version>/uidgid shows reserved)
neutron:x:164:164:OpenStack Quantum Daemons:/var/lib/neutron:/sbin/nologin
mongodb:x:184:495:MongoDB Database Server:/var/lib/mongodb:/sbin/nologin
memcached:x:497:496:Memcached daemon:/var/run/memcached:/sbin/nologin
ceilometer:x:166:166:OpenStack ceilometer Daemons:/var/lib/ceilometer:/sbin/nologin
heat:x:187:187:OpenStack Heat Daemons:/var/lib/heat:/sbin/nologin
swift:x:160:160:OpenStack Swift Daemons:/var/lib/swift:/sbin/nologin

Probably best to start non-reserved gids at something higher than 1000, perhaps 5000 is a good best-practice strategy.
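
One way to run the clash check described in the comment above, as an added example that is not part of the original report: it parses passwd-format text and flags local accounts that already hold a UID or GID used by the OpenStack service accounts quoted in this bug. `SITE_PASSWD` is a constructed sample, and the names `parse_passwd` and `find_clashes` are illustrative.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "name uid gid")

# OpenStack service accounts quoted in this bug report for RHEL.
RESERVED = """\
keystone:x:163:163:OpenStack Keystone Daemons:/var/lib/keystone:/sbin/nologin
glance:x:161:161:OpenStack Glance Daemons:/var/lib/glance:/sbin/nologin
cinder:x:165:165:OpenStack Cinder Daemons:/var/lib/cinder:/sbin/nologin
nova:x:162:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin
neutron:x:164:164:OpenStack Quantum Daemons:/var/lib/neutron:/sbin/nologin
ceilometer:x:166:166:OpenStack ceilometer Daemons:/var/lib/ceilometer:/sbin/nologin
heat:x:187:187:OpenStack Heat Daemons:/var/lib/heat:/sbin/nologin
swift:x:160:160:OpenStack Swift Daemons:/var/lib/swift:/sbin/nologin
"""

# Constructed sample of a site's existing /etc/passwd (not from the page).
SITE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backupsvc:x:163:5001:Site backup agent:/home/backupsvc:/bin/bash
monitor:x:5002:162:Site monitoring:/home/monitor:/sbin/nologin
nova:x:1200:1200:Locally created nova user:/var/lib/nova:/sbin/nologin
"""

def parse_passwd(text):
    """Parse passwd(5) lines; skip comments and rows without 7 fields or numeric IDs."""
    entries = []
    for line in text.splitlines():
        f = line.strip().split(":")
        if not line.startswith("#") and len(f) == 7 and f[2].isdigit() and f[3].isdigit():
            entries.append(Entry(f[0], int(f[2]), int(f[3])))
    return entries

def find_clashes(reserved, local):
    """Return (account, kind, id, service) for each conflict with a reserved ID."""
    by_name = {e.name: e for e in reserved}
    taken = {k: {getattr(e, k): e.name for e in reserved} for k in ("uid", "gid")}
    clashes = []
    for e in local:
        want = by_name.get(e.name)
        if want:  # service account already present: its IDs must match the reserved ones
            if (e.uid, e.gid) != (want.uid, want.gid):
                clashes.append((e.name, "mismatch", e.uid, e.name))
            continue
        for kind in ("uid", "gid"):
            owner = taken[kind].get(getattr(e, kind))
            if owner:  # a differently named account holds a reserved ID
                clashes.append((e.name, kind, getattr(e, kind), owner))
    return clashes
```

To audit a real host, pass the contents of /etc/passwd in place of `SITE_PASSWD`; GIDs that exist only in /etc/group are not covered by this check.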

Tom Fifield (fifieldt)
Changed in openstack-manuals:
status: New → Confirmed
importance: Undecided → Wishlist
milestone: none → havana
Andreas Jaeger (jaegerandi) wrote :

Summer, do you have a link to the list discussion? I don't see yet why having such a table would help. Adding one is easy but the question to me is what kind of introduction is needed...

Changed in openstack-manuals:
assignee: nobody → Andreas Jaeger (jaegerandi)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/63631

Changed in openstack-manuals:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/63631
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=f46adca7488d8a383b4f6adb86bf3e93ebfcd6b0
Submitter: Jenkins
Branch: master

commit f46adca7488d8a383b4f6adb86bf3e93ebfcd6b0
Author: Andreas Jaeger <email address hidden>
Date: Sun Dec 22 15:10:15 2013 +0100

    Install Guide: Add table documenting reserved UIDs

    Add a table documenting the reserved UIDs that are used by
    OpenStack.
    This is information that belongs IMO into an appendix, let's make
    it specific for each distribution.

    backport: none
    Change-Id: I66f861b4ad84231af5053826dbc47df4d91bc0b9
    Closes-Bug: #1239879

Changed in openstack-manuals:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-manuals 15.0.0

This issue was fixed in the openstack/openstack-manuals 15.0.0 release.
